Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Decrypting the Encryption Debate: A Framework for
Decision Makers
Committee on Law Enforcement and Intelligence Access to Plaintext Information
Computer Science and Telecommunications Board
Division on Engineering and Physical Sciences
A Consensus Study of
PRE-PUBLICATION COPYâSUBJECT TO FURTHER EDITORIAL CORRECTION

THE NATIONAL ACADEMIES PRESS 500 Fifth Street, NW Washington, DC 20001
This activity was supported by award number 2015-3078 from the William and Flora Hewlett
Foundation, award number 15-109219-000-HRS from the John D. and Catherine T. MacArthur
Foundation, and award number CNS-1555610 from the National Science Foundation. Any opinions,
ï¬ndings, conclusions, or recommendations expressed in this publication do not necessarily reï¬ect
the views of any organization or agency that provided support for the project.
International Standard Book Number-13:
International Standard Book Number-10:
Digital Object Identiï¬er: 10.17226/25010
Additional copies of this report are available for sale from the National Academies Press, 500 Fifth
Street, NW, Keck 360, Washington, DC 20001; (800) 624-6242 or (202) 334-3313;
http://www.nap.edu.
Copyright 2018 by the National Academy of Sciences. All rights reserved.
Printed in the United States of America
Suggested citation: National Academies of Sciences, Engineering, and Medicine. 2018. Decrypting the
Encryption Debate: A Framework for Decision Makers. Washington, DC: The National Academies
Press. https://doi.org/10.17266/25010
PRE-PUBLICATION COPYâSUBJECT TO FURTHER EDITORIAL CORRECTION

The National Academy of Sciences was established in 1863 by an Act of Congress, signed by
President Lincoln, as a private, nongovernmental institution to advise the nation on issues related to
science and technology. Members are elected by their peers for outstanding contributions to
research. Dr. Marcia McNutt is president.
The National Academy of Engineering was established in 1964 under the charter of the National
Academy of Sciences to bring the practices of engineering to advising the nation. Members are
elected by their peers for extraordinary contributions to engineering. Dr. C. D. Mote, Jr., is president.
The National Academy of Medicine (formerly the Institute of Medicine) was established in 1970
under the charter of the National Academy of Sciences to advise the nation on medical and health
issues. Members are elected by their peers for distinguished contributions to medicine and health.
Dr. Victor J. Dzau is president.
The three Academies work together as the National Academies of Sciences, Engineering, and
Medicine to provide independent, objective analysis and advice to the nation and conduct other
activities to solve complex problems and inform public policy decisions. The Academies also
encourage education and research, recognize outstanding contributions to knowledge, and increase
public understanding in matters of science, engineering, and medicine.
Learn more about the National Academies of Sciences, Engineering, and Medicine at
www.nationalacademies.org.
PRE-PUBLICATION COPYâSUBJECT TO FURTHER EDITORIAL CORRECTION

Consensus Study Reports published by the National Academies of Sciences, Engineering,
and Medicine document the evidence-based consensus on the studyâs statement of task by
an authoring committee of experts. Reports typically include ï¬ndings, conclusions, and
recommendations based on information gathered by the committee and the committeeâs
deliberations. Each report has been subjected to a rigorous and independent peer-review
process and it represents the position of the National Academies on the statement of task.
Proceedings published by the National Academies of Sciences, Engineering, and Medicine
chronicle the presentations and discussions at a workshop, symposium, or other event
convened by the National Academies. The statements and opinions contained in
proceedings are those of the participants and are not endorsed by other participants, the
planning committee, or the National Academies.
For information about other products and activities of the National Academies, please visit
nationalacademies.org/whatwedo.
PRE-PUBLICATION COPYâSUBJECT TO FURTHER EDITORIAL CORRECTION

Acknowledgement of Reviewers
This Consensus Study Report was reviewed in draft form by individuals chosen for their diverse
perspectives and technical expertise. The purpose of this independent review is to provide candid
and critical comments that will assist the National Academies of Sciences, Engineering, and Medicine
in making each published report as sound as possible and to ensure that it meets the institutional
standards for quality, objectivity, evidence, and responsiveness to the study charge. The review com-
ments and draft manuscript remain conï¬dential to protect the integrity of the deliberative process.
We wish to thank the following individuals for their review of this report:
Kevin Bankston, Open Technology Institute,
Alvaro Bedoya, Georgetown Law School,
James Emerson, iThreat Cyber Group,
Edward W. Felten, Princeton University,
Eric Grosse, EHG Flight, LLC,
Joseph Lorenzo Hall, Center for Democracy and Technology,
Susan Hennessey, Brookings Institution,
John C. (âChrisâ) Inglis, United States Naval Academy,
Kenn Kern, New York County District Attorneyâs Ofï¬ce,
Butler Lampson, Microsoft Corp.,
Josiah Landers, Rockland County, N.Y., District Attorneyâs Ofï¬ce,
Bruce W. McConnell, EastWest Institute,
Deirdre K. Mulligan, University of California, Berkeley,
Ronald L. Rivest, Massachusetts Institute of Technology,
Peter Swire, Georgia Institute of Technology, and
Marcus C. Thomas, Subsentio, LLC.
Although the reviewers listed above provided many constructive comments and suggestions,
they were not asked to endorse the conclusions or recommendations of this report nor did they see
the ï¬nal draft before its release. The review of this report was overseen by Robert F. Sproull, Univer-
sity of Massachusetts, Amherst. He was responsible for making certain that an independent exam-
ination of this report was carried out in accordance with the standards of the National Academies
and that all review comments were carefully considered. Responsibility for the ï¬nal content rests
entirely with the authoring committee and the National Academies.
vii
PRE-PUBLICATION COPYâSUBJECT TO FURTHER EDITORIAL CORRECTION

PRE-PUBLICATION COPYâSUBJECT TO FURTHER EDITORIAL CORRECTION

Preface
Government access to the plaintext of encrypted communications and stored data presents dif-
ï¬cult, important, and controversial issues that reveal conï¬icting values within the government and
society at large. The debate over efforts to ensure that access is very polarized. Critics of government
access, even as they acknowledge the importance of effective law enforcement, cite legal and prac-
tical objections, including risks to security, privacy and civil liberties, and U.S. commercial interests.
Government ofï¬cials acknowledge the value of encryption to protect privacy and conï¬dential infor-
mation but also express the need to be able to access information relevant to investigations when
properly authorized.
To address these issues (Box P.1), the National Academies of Sciences, Engineering, and
Medicine appointed the Committee on Law Enforcement and Intelligence Access to Plaintext Infor-
mation (biosketches in Appendix A). It met four times in person to receive brieï¬ngs from govern-
ment, industry, and academic experts (listed in Appendix B) and also used these meetings, supple-
mented by conference calls and email discussion, to deliberate and develop this report.
To better inform the policy debate and future decision making, this report reviews how encryp-
tion is used, including its applications to cybersecurity; its role in protecting privacy and civil liber-
ties; the needs of law enforcement and the intelligence community for information; technical and
policy options for accessing plaintext; and the international landscape.
Because the concerns expressed by law enforcement ofï¬cials at the federal, state, and local lev-
els have been more clearcut and less nuanced than the views offered by U.S. intelligence ofï¬cials,
who in contrast to law enforcement representatives have not vigorously advocated in public for ex-
ceptional access, this report gives greater attention to law enforcement needs but also discusses na-
tional security needs. The last chapter of the report provides a framework for evaluating policy or
technical approaches for government access to plaintext. The committee intends that developing and
debating answers to these questions will help illuminate the underlying issues and trade-offs and
help guide future decisions about government access to plaintext.
Moreover, while it suspects there will always be disagreements over how to address the chal-
lenges presented by encryption, it is the committeeâs hope that this report will facilitate a frank
conversation, involving all parties, about those challenges and alternative approaches to address-
ing them. The process of creating this report at times was challenging and required members of the
committee to develop a deeper understanding of perspectives with which they did not always agree.
But the process also was illuminating, and the committee hopes that the common vocabulary and
broad context provided by this report, as well as the analytical framework, will make future conver-
sations easier, more productive, and more likely.
The committee would like to acknowledge the William and Flora Hewlett Foundation, the John
D. and Catherine T. MacArthur Foundation, and the National Science Foundation for their generous
support for this project and in particular Eli Sugarman (Hewlett Foundation), Eric Sears (MacArthur
Foundation), and Jeremy Epstein (National Science Foundation) for their encouragement and sup-
port. It also thanks the National Academies of Sciences, Engineering, and Medicine staff who sup-
ix
PRE-PUBLICATION COPYâSUBJECT TO FURTHER EDITORIAL CORRECTION

PREFACE xi
BOX P.1 Statement of Task
A National Academies of Sciences, Engineering, and Medicine study will examine the tradeoffs
associated with mechanisms to provide authorized government agencies with access to the plain-
text version of encrypted information. The study will describe the context in which decisions about
such mechanisms would be made and identify and characterize possible mechanisms and alterna-
tive means of obtaining information sought by the government for law enforcement or intelligence
investigations. It will seek to ï¬nd ways to measure or otherwise characterize risks so that they could
be weighed against the potential law enforcement or intelligence beneï¬ts. The study will not seek to
answer the question of whether access mechanisms should be required but rather will provide an
authoritative analysis of options and trade-offs.
PRE-PUBLICATION COPYâSUBJECT TO FURTHER EDITORIAL CORRECTION

Encryption protects information stored on smartphones, laptops, and other devices - in some cases by default. Encrypted communications are provided by widely used computing devices and services - such as smartphones, laptops, and messaging applications - that are used by hundreds of millions of users. Individuals, organizations, and governments rely on encryption to counter threats from a wide range of actors, including unsophisticated and sophisticated criminals, foreign intelligence agencies, and repressive governments. Encryption on its own does not solve the challenge of providing effective security for data and systems, but it is an important tool.

At the same time, encryption is relied on by criminals to avoid investigation and prosecution, including criminals who may unknowingly benefit from default settings as well as those who deliberately use encryption. Thus, encryption complicates law enforcement and intelligence investigations. When communications are encrypted "end-to-end," intercepted messages cannot be understood. When a smartphone is locked and encrypted, the contents cannot be read if the phone is seized by investigators.

Decrypting the Encryption Debate reviews how encryption is used, including its applications to cybersecurity; its role in protecting privacy and civil liberties; the needs of law enforcement and the intelligence community for information; technical and policy options for accessing plaintext; and the international landscape. This book describes the context in which decisions about providing authorized government agencies access to the plaintext version of encrypted information would be made and identifies and characterizes possible mechanisms and alternative means of obtaining information.

Welcome to OpenBook!

You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.